This Week in Malware - Over Five Dozen More Packages Discovered

By Aaron Linskens on September 23, 2022 vulnerabilities

2 minute read time

This week in malware we discovered and analyzed over five dozen packages flagged as malicious, suspicious, or dependency confusion attacks.

This Week in Malware - Almost 100 Packages

By Aaron Linskens on September 16, 2022 vulnerabilities

2 minute read time

This week in malware Sonatype discovered and analyzed over seven dozen packages flagged as malicious, suspicious, or dependency confusion attacks.

This Week in Malware—Ongoing Dependency Confusion

By Ax Sharma on September 09, 2022 vulnerabilities

4 minute read time

This week in malware, Sonatype's automated malware detection systems have spotted over four dozen dependency confusion candidates.

This Week in Malware - A PyPI Phishing Follow-up Plus 120 Packages

By Aaron Linskens on September 02, 2022 vulnerabilities

4 minute read time

This week Sonatype discovered and analyzed 120 packages flagged as malicious, suspicious, or dependency confusion attacks.

This Week in Malware - 450 Packages and a Phishing Campaign Against PyPI Maintainers

By Aaron Linskens on August 26, 2022 vulnerabilities

6 minute read time

This week Sonatype discovered and analyzed 450 packages flagged as malicious, suspicious, or dependency confusion attacks.

This Week in Malware— Cryptominers Flood npm, PyPI, and More Dependency Confusion

By Hernán Ortiz on August 19, 2022 vulnerabilities

2 minute read time

This week Sonatype discovered 200+ npm and PyPI packages that are cryptominers, with additional packages comprising dependency confusion PoCs.

This Week in Malware - Fileless Linux Cryptominer, 100 Packages

By Aaron Linskens on August 12, 2022 vulnerabilities

6 minute read time

This week Sonatype discovered more than 100 open source packages that were malicious, suspicious, or dependency confusion attacks.

This Week in Malware—Typosquats in PyPI, Dependency Confusion Packages

By Hernán Ortiz on August 04, 2022 vulnerabilities

2 minute read time

This week in malware we discovered 50 packages that are either malicious or dependency confusion attacks.

This Week in Malware—John Deere Dependency Confusion Attempt and More

By Ax Sharma on July 22, 2022 vulnerabilities

3 minute read time

We discovered and analyzed 17 packages, at least a dozen of which were dependency confusion PoCs directly targeting the agricultural equipment giant John Deere (Deere & Company). An additional 42